Data Breaches in Higher Education – PCI-Validated P2PE Can Help Devalue the Data

Gone are the days of only the big retail breaches making headlines. Now it's healthcare organizations like Anthem, enterprises like Equifax, and unfortunately, colleges and universities of all sizes. As we get ready for the spring users' meeting of our higher education partner, Blackboard, this week, we review the security technologies that can help mitigate the effects of a data breach in higher education, including PCI-validated point-to-point encryption (P2PE) to devalue the data.

Data breaches continue to rise in higher education, and for good reason. According to the Ponemon Institute, the price that educational records can fetch on the black market rose from $245 in 2017 to $265 in 2018. Not surprisingly, Verizon’s 2018 Data Breach Investigations Report finds that 70% of cybersecurity occurrences are inspired by the possibility of financial gain – and there is plenty of sensitive information to be sold in educational records.

On top of the fact that higher education is a massive target, the EfficientIP Report, which was released in the fall of 2018, ranked higher education as the worst business sector for handling cyber threats. According to the report, one of the reasons that higher educational institutions may not have efficient IT teams is that their leaders have come through the ranks of academia and are not trained specifically on how to handle cyber security.

The Role of P2PE and Devaluing the Data in Campus Payments

When considering how to protect sensitive data in any organization – particularly lucrative payment data – there are two security paths that colleges and universities can consider: Defend the Data or Devalue the Data. With the Defend the Data approach, educational institutions can build stronger, higher, and more expensive walls of security around their systems and data.

With the Devalue the Data approach, educational institutions employ security technology to devalue the cardholder data before it reaches their point-of-sale (POS) systems, rendering the data useless to hackers if it is exposed.

PCI-validated P2PE is an example of a technology that embodies the Devalue the Data approach. Bluefin’s P2PE solutions encrypt credit and debit card data at the Point of Interaction (POI) in a PCI-approved P2PE device, and decryption is done only in an approved Bluefin Hardware Security Module (HSM) located outside of the university’s payment environment. Our solutions prevent clear-text cardholder data from being present in a university’s system or network where it could be accessible in the event of a data breach.

P2PE Secures Credit Card Information throughout the University Environment

Athletics and Ticketing

Athletics are a significant source of revenue for colleges and universities. Bluefin provides P2PE solutions for every mode of stadium and theater payments, from mobile to countertop to advance purchase of tickets online. We also have the widest network of ticketing software providers that have integrated with our P2PE solution.

Dining

Bluefin’s PCI-validated P2PE solutions provide the highest level of security and flexibility for your dining establishments, including mobile devices such as the BBPOS Wisepad 2, the Miura M010, and the PAX A920. And our P2PE kiosk solutions are ideal for reloading meal and purchase cards.

Health Clinics/Hospitals

Universities and colleges can also have their own clinics and hospitals, and there are a variety of ways that patients can make payments on campus – over the phone, at a countertop, online, and even on mobile. Bluefin has partnered with healthcare software providers, such as Epic Systems, OnPlan Health and Phreesia, to provide our PCI-validated P2PE solution through these platforms.
